Software Development Teamwork From An Information Security Perspective

András Kerti; Norbert Nyári

András Kerti Faculty of Military Science and Officer Training of the University of Public Service https://orcid.org/0000-0003-2149-5500
Norbert Nyári Óbuda University Doctoral School on Safety and Security Sciences https://orcid.org/0000-0003-0229-7584

Keywords: risk assessment, IT security, information security, standards theory, software development

Abstract

The present study demonstrates how to combine the international standard ISO/IEC 27005 and the US standard NIST SP 800-30 to perform risk analyzes, through the example of a fictional software development company.
Starting with a brief introduction to the company, the reader can get acquainted with the basic concepts of the DevOps approach in order to have a more accurate view of the processes taking place within the development company.
Subsequently, starting from the Hungarian regulatory environment, an overview is presented of the current state of information security standards, taking into account the NATO and ENISA information security product catalogues.
After that an ISO-NIST combined risk analysis technique is briefly described, the foundations of which were laid in 2017 by Putra, Fandi A., and others. A simple example of the application of the technique is also shown.